Tailoring the availability of network resources to on-demand, user proximity, and schedule time

ABSTRACT

A device comprises an AC input port for receiving AC power. An AC output port is adapted to receive an AC power cord of the home network device. A switch is provided for controlling the AC power to the home network device and switching the home network device between an on state and an off state. A processor is in communication with the switch for controlling the on state and the off state of the home network device in response to one of three predetermined conditions.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent application Ser. No. 16/364,692 filed Mar. 26, 2019 which application claims the benefit of U.S. Provisional Application No. 62/654,612 filed Apr. 9, 2018, the contents of which are incorporated herein by reference.

TECHNICAL FIELD

This disclosure relates to a home network security device, and more specifically, this disclosure relates to a nominally off smart-switch-controlled network device.

BACKGROUND INFORMATION

The home environment contains an increasing number of connected Internet Protocol (IP) enabled wired and wireless devices. These internet connected devices include smart TVs, security cameras, smart locks, gaming consoles, and smart thermostats. With the explosion of the internet of things (IoT), virtually every new home appliance has the ability to connect to the internet. While this can be especially useful and convenient, all of these connected devices can make one especially vulnerable to hackers and other threats.

One of the best ways to secure a home network is to limit the time in which the network is on. By doing this, the threat vector service area of the network is narrowed and the time that the end users can have their activities monitored by 3rd parties is limited. This reduces the window of ability for connected devices in the home to collect and report information, (i.e. spy), on the end user to only the time that the end user requires network services.

Typically, each device added to the home network requires the end user to accept the manufacturers' terms and conditions. These contractual requirements often include permission to monitor how the end user uses the equipment and to share that information with third parties. While the end user may use the device a few hours per week, the device “uses” the user twenty four hours per day.

Limiting the time the network is on also reduces the likelihood that connected devices in the home will be discovered and infected by worm/bot distributed viruses. It also decreases the threat vector service area of the end user network to malicious hacking attacks and reduces the opportunity for government agencies or any 3rd party to use network traffic, wired or wireless, to surveil end user activities to only the time that the end user requires network services, and limits the ability of non-authorized users to access the network to only the times that the end user desires network services.

Accordingly, there is a need for a device that provides user-control of the home network to keep the network nominally off except during user-defined conditions.

SUMMARY

In accordance with one aspect of the present invention, disclosed is a device for controlling a duration in which a home network device is on. The device comprises an AC input port for receiving AC power. An AC output port is adapted to receive an AC power cord of the home network device. A switch is provided for controlling the AC power to the home network device and switching the home network device between an on state and an off state. A processor is in communication with the switch for controlling the on state and the off state of the home network device in response to one of three predetermined conditions.

The device can be configured responsive to three predetermined conditions comprising: (1) a geofencing area in which a user of the home network device resides wherein when the user is in the geofencing area the home network device is in the on state; (2) a scheduled time in which the home network device is in the on state; and (3) an on demand in which the home network device is in the on state. The device can be in communication with a mobile device that is associated with the user over a communication network for determining a geolocation of the user for determining whether the user is in the geofencing area. In such an instance, the device can be adapted to receive an on demand signal from the mobile device to switch the home network device to the on state. The device can be provided with memory for storing scheduled time instructions for the home network device in the on state. And, the switch for controlling the AC power to the home network device can be configured in a normally off state.

In one implementation, the device can include a geo-positioning sensor for determining a location of the device. A communication network card for connecting the device to a communication network can also be provided. In some implementations, the preferred communication network is a cellular network. The device can also be provided with a network interface card for connecting the device to the home network device.

The device can be configured to communicate to the user (i) whether the home network device is in the on state, (ii) whether the home network device is connected to an internet service provider network, and (iii) whether the device is connected to the home network device over a home network provided by the home network device.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features and advantages of the present invention will be better understood by reading the following detailed description, taken together with the drawings wherein:

FIG. 1 is a detailed block diagram of a nominally off smart switch-controlled network with the telephony network connection.

FIG. 2 is a detailed block diagram of the smart switch of FIG. 1.

FIG. 3 shows a connection between the mobile device with interactive touch screen control for the smart switch of FIG. 1.

FIG. 4 shows an example of the network device control section on the interactive touch screen of the mobile device of FIG. 1.

FIG. 5 shows another example of the network device control section on the interactive touch screen of the mobile device of FIG. 1.

FIG. 6 shows yet another example of the network device control section on the interactive touch screen of the mobile device of FIG. 1.

FIG. 7 shows a trust level matrix for the network device control section on the interactive touch screen of the mobile device of FIG. 1.

FIG. 8 shows a flow chart for the logic flow of the system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to FIG. 1, shown is a detailed block diagram of a nominally off smart switch-controlled network with the telephony network connection. In the home, the user may have one or more network devices connected to a home network 102 that connects to the internet 109 through a router 104 connected to a modem 106. The internet appliances can connect to router 104 in either a wired or wireless connection. Router 104 and modem 106 can be any type of network gateway, which acts as an entrance to the internet 109 through ISP 110, and may include devices such as a combination of a router and a high-speed modem, including a DSL modem and a cable modem, among others. Router 104 may be a stand-alone device or integrated into the high-speed modem 106.

One such appliance connected to home network 102 is a smart switch 100. Smart switch 100 is an electronic device configured with a network access system for connecting to internet 109 through router 104. Smart switch 100 is also configured with a cellular access system for connecting to a cellular network 113. In one implementation, smart switch 100 is connected between an AC power source 114 and an AC power cord for router 104 receiving AC power from AC power source 114 and providing AC power to router 104. In this configuration, smart switch 100 gives user-control over router 104 between an on state and an off state, which in turn disables home network 102.

FIG. 2 shows smart switch 100. Smart switch 100 can comprise a chipset 200 comprising a processor 202, a system memory 204, network interface 206, a cellular chip 208 and one or more software applications and drivers to enable the functions described below. The hardware system includes a standard I/O bus with I/O Ports such as a GPS chip 210, a power switch controller 212 and mass storage 214 coupled thereto. GPS chip 210 could be used for determining and informing of the location of smart switch 100. This could be used as an extra layer of security to inform the user if smart switch 100 is moved (which could be especially useful if smart switch 100 is implemented in router 104).

Elements of computer hardware system perform their conventional functions known in the art. In particular, network interfaces 206 are used to provide communication between a CPU 205 and the internet and cellular networks. Mass storage 312 can be used to provide permanent storage for the data and programming instructions to perform the above described functions implementing, whereas system memory 204 (e.g., DRAM) can be used to provide temporary storage for the data and programming instructions when executed by processor 205. CPU 205, it should be noted, may include a variety of system architectures, and various components of CPU 104 may be rearranged. Furthermore, certain implementations of the claimed embodiments may not require nor include all of the above components.

Power switch 217 is a normally open switch controlled by processor 205. Based on user-defined instructions, power switch 217 can be closed to permit the flow of AC power from AC source 114 to router 104. The specifics of these user-defined instructions will be discussed in more detail below.

Smart switch 100 can use its cellular chip 208 to communicate with the user through a mobile device 300. Mobile device 300 can be any suitable mobile device that may communicate with cellular chip 208 in smart switch 100, such as a mobile phone, a tablet, or a laptop computer. As such, mobile device 300 can comprise a mobile application 302 that communicates with a webserver 112 (FIG. 1) for providing instructions to smart switch 100, such as one or more predetermined conditions for switching smart switch 100 to the on state to enable router 104. These predetermined conditions can include (i) a geofencing area in which a user of the home network device resides wherein when the user is in the geofencing area the home network device is in the on state; (ii) a scheduled time in which the home network device is in the on state; and (iii) an on demand in which the home network device is in the on state.

FIGS. 4-5 show a display of the geofencing interface, which can be displayed on mobile device 300 or on a web interface or both. In this implementation, a geofence 304 is defined as a perimeter around the user's home 306. One or more mobile devices 300a, 300b associated with the user and family are associated with the network. When geofence 304 is empty, i.e. both mobile devices 300a, 300b are outside the perimeter as shown in FIG. 5, router 104 is off. This corresponds with a presumption that no one is at the home/office so the network is not needed. Conversely, when one or more of the associated mobile devices 300a, 300b are inside the perimeter, router 104 is on. The on/off trigger for this implementation can work in the following manner.

The location of smart switch 100 is roughly determined in one of three ways: by the cell tower it is connected to, by the signal strength of the other cell towers it can “see”, and by the identifiable WiFi networks it can “see”. Smart switch 100 can be located in the center of geofence 304. Mobile application 302 can be configured to send updates to webserver 112 when mobile device 302 enters or leaves geofence 304. Webserver 112 can also be set up such that if the location/address entered by the user is inconsistent with the radius location data provided by the cellular carrier for the tower, the address is not accepted and the user will be prompted to correct the address. Webserver 112 can push the geofence data to mobile devices 300a, 300b when mobile application 302 registers with webserver 112 and if the geofence information changes (i.e. the appliance is moved). Mobile devices 300a, 300b send updates of their location to webserver 112 so that webserver 112 will notify smart switch 100 to turn off when all of the associated mobile devices 300a, 300b leave the perimeter of geofence 304, and, conversely, to turn on when one of the associated mobile devices 300a, 300b enters the perimeter of geofence 304.
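The occupancy rule described above, as an added Python sketch that is not code from the patent: the server tracks which associated devices are inside the perimeter and issues a switch command only when the fence becomes occupied or becomes empty. The circular fence, the coordinates, the device ids and the rule that unassociated devices are ignored are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass
class Geofence:
    """Server-side view of one geofence centred on the smart switch."""
    center_lat: float
    center_lon: float
    radius_m: float
    registered: frozenset                      # ids of associated mobile devices
    inside: set = field(default_factory=set)   # associated devices currently inside

    def update(self, device_id, lat, lon):
        """Apply one location update.

        Returns "on" when the fence goes from empty to occupied, "off" when
        the last associated device leaves, and None when nothing changes.
        """
        if device_id not in self.registered:
            # Assumption: a device that was never associated with this
            # network must not be able to power the router on or off.
            return None
        was_empty = not self.inside
        d = distance_m(self.center_lat, self.center_lon, lat, lon)
        if d <= self.radius_m:
            self.inside.add(device_id)
        else:
            self.inside.discard(device_id)
        now_empty = not self.inside
        if was_empty and not now_empty:
            return "on"
        if not was_empty and now_empty:
            return "off"
        return None


def replay(fence, updates):
    """Feed (device_id, lat, lon) updates to the fence; collect the commands."""
    return [fence.update(dev, lat, lon) for dev, lat, lon in updates]


# Constructed sample data: a 100 m fence and two associated phones.
HOME = (40.0, -75.0)
NEAR = (40.0005, -75.0)   # about 56 m from the centre, inside the fence
FAR = (40.01, -75.0)      # about 1.1 km from the centre, outside the fence

SAMPLE_UPDATES = [
    ("phone-a", *NEAR),    # first device arrives
    ("phone-b", *NEAR),    # second device arrives, router already on
    ("phone-a", *FAR),     # one leaves, fence still occupied
    ("stranger", *NEAR),   # unassociated device, ignored
    ("phone-b", *FAR),     # last associated device leaves
]

if __name__ == "__main__":
    fence = Geofence(*HOME, radius_m=100, registered=frozenset({"phone-a", "phone-b"}))
    for update, command in zip(SAMPLE_UPDATES, replay(fence, SAMPLE_UPDATES)):
        print(update[0], "->", command)
```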

FIG. 6 shows a scheduler implementation which can be presented by webserver 112 for the user to schedule the time in which router 104 is in the on state. In this implementation, the user can set the weekday hours and the weekend hours for router 104 to be in the on state and also set a warning notice to alert the user before router 104 switches states. One of the functions of the schedule timer is to keep router 104 off in the hours that the end user is sleeping. The appliance clock is set by the local cell tower via the same mechanism that sets the time on mobile device 300. Smart switch 100 switches the AC power to router 104 on/off at the appropriate times.

A short period prior to a scheduled switch of the power to router 104 to off, smart switch 100 can alert the end user with an audible chime and blinking lights. Additionally, any associated mobile device 300 inside of geofence 304 will also chime. The schedule switch to off can be suspended by the end user by pressing button 220 on smart switch 100 or on mobile application 302. If the end user suspends the scheduled switch to off, the scheduled switch to off can be ignored. The remainder of the schedule is unchanged, and this process will repeat with the next scheduled off period. These scheduling instructions can be stored in memory 204 of smart switch 100 or externally on webserver 112.

In another implementation, the user can change the status of the network in one or more of three ways: (1) by pressing button 220 on smart switch 100, (2) by selecting a virtual button on the web application, or (3) by selecting a virtual button on mobile device 300 running mobile application 302. The network can also be shut off through a digital assistant API (Google Home, Amazon Alexa, Apple Siri) or by audibly requesting “it's Off Hours”.

Smart switch 100 performs at least three authentication functions. First, smart switch 100 can communicate to mobile device 300 whether router 104 is in the on state. This informs the user that yes, AC power is applied to router 104. Second, smart switch 100 can inform the user whether router 104 is connected to internet 109. Third, smart switch 100 can inform the user whether smart switch 100 is connected to router 104 through home network 102. This informs the user whether router 104 is broadcasting. All three authentication functions together provide valuable information to the user. Smart switch 100 effectively becomes a network sensor, tuned to the end user network (SSID & Network Credentials). Moreover, unlike other smart switches, smart switch 100 provides two-way communication over a communication network with both mobile device 300 and router 104 to provide the user with accurate information about the state of router 104.

FIG. 7 shows another implementation where the user can set a level of trust that limits the ability of switch 100 to interact with home network 102 and with the outside world through out-of-band communications. Four levels of trust can be used. They range from the lowest level, which prohibits all communications to and from switch 100, to the highest level, where the user provides all network credentials to allow switch 100 to connect to home network 102. Trust levels act as follows:

Trust=0: Disables all communications from switch 100.

Trust=1: Enables out-of-band communications only; switch 100 does not connect to home network 102, which limits switch 100 to only confirm whether the AC power is switched to power output 216 so that router 104 is receiving AC power.

Trust=2: Out-of-band communications plus enables switch 100 to listen for a specific wireless network SSID from router 104 without connecting to home network 102, which tells the appliance the SSID to be monitored, but the system does not request the password, and switch 100 can notify the user when the SSID of router 104 begins broadcasting but cannot confirm that router 104 has successfully connected to the internet.

Trust=3: Out-of-band communications, plus permission to connect to home network 102, which enables switch 100 to report when power is applied to router 104, when the home network 102 becomes active, and when there is a connection to internet 109.
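One way to enforce the four trust levels as a least-privilege policy, added here as an illustration and not taken from the patent: the configuration check rejects credentials the chosen level does not need, and the report builder drops any status field the level cannot observe. The field names are hypothetical, and the levels are assumed to be cumulative.

```python
from enum import IntEnum


class Trust(IntEnum):
    NO_COMMS = 0       # all communications from the switch disabled
    OUT_OF_BAND = 1    # out-of-band link only; can confirm AC power
    SSID_LISTEN = 2    # also listens for the router's SSID, never joins
    NETWORK_JOIN = 3   # also joins the home network with its credentials


# Lowest trust level at which each status field may be reported.
# Field names are hypothetical, chosen for this example.
FIELD_MIN_TRUST = {
    "ac_power_on": Trust.OUT_OF_BAND,
    "ssid_broadcasting": Trust.SSID_LISTEN,
    "home_network_active": Trust.NETWORK_JOIN,
    "internet_connected": Trust.NETWORK_JOIN,
}


def validate_config(trust, ssid=None, password=None):
    """Return a list of problems with a proposed configuration.

    The switch should hold no more network detail than its trust level
    needs: no SSID below level 2 and no password below level 3.
    Raises ValueError if trust is not one of the four defined levels.
    """
    trust = Trust(trust)
    problems = []
    if ssid is not None and trust < Trust.SSID_LISTEN:
        problems.append("SSID supplied but trust level does not monitor an SSID")
    if password is not None and trust < Trust.NETWORK_JOIN:
        problems.append("password supplied but trust level never joins the network")
    if trust >= Trust.SSID_LISTEN and ssid is None:
        problems.append("trust level needs an SSID to monitor")
    if trust == Trust.NETWORK_JOIN and password is None:
        problems.append("trust level needs credentials to join the network")
    return problems


def build_report(trust, observed):
    """Filter raw observations down to what this trust level may report.

    Returns None at trust 0, where the switch sends nothing at all.
    Fields the level cannot observe are omitted rather than reported as
    False, so "unknown" is never confused with "down".
    """
    trust = Trust(trust)
    if trust == Trust.NO_COMMS:
        return None
    return {
        name: value
        for name, value in observed.items()
        if name in FIELD_MIN_TRUST and trust >= FIELD_MIN_TRUST[name]
    }


# Constructed observations for a router that is powered and fully online.
SAMPLE_OBSERVED = {
    "ac_power_on": True,
    "ssid_broadcasting": True,
    "home_network_active": True,
    "internet_connected": True,
}

if __name__ == "__main__":
    for level in Trust:
        print(level.name, build_report(level, SAMPLE_OBSERVED))
    print(validate_config(2, ssid="HomeNet", password="example-only"))
```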

FIG. 8 shows a flow chart for the logic flow of the system that implements smart switch 100. The method begins at 800 with a determination of whether the geofence is empty at step 802. If the geofence is not empty, meaning that there is a mobile device 300 in geofence 304, the method proceeds to determine whether the schedule timer is on at 804, then whether the schedule timer is off at 806, and then whether button 220 is off at 808. If the determination of all of these steps is a negative and button 220 is on at determination step 810, router 104 is set to on at step 812. The method continues with determining whether the Wi-Fi is detected at step 814 and whether the Wi-Fi is connected at step 816. If the answer is in the affirmative for both steps 814 and 816, the method repeats. If the answer to either of these determinations is in the negative, an alarm is sent in step 818, and then the method repeats. Returning to steps 802 through 806, if the answer to either of these determinations is in the affirmative, the method continues with further determinations on whether to set router 104 to on at step 812. If the geofence is empty at step 802, the method progresses to determine whether button 220 is set to on at step 820. If the schedule timer is on at step 804, the method progresses to determine whether the geofence is empty at step 822. If the schedule timer is off at step 806, the method progresses to determine whether button 220 is on at step 824. If button 220 is set to off at steps 820 or 824 or the geofence is determined empty at step 822, the method progresses to determine whether the always on is set at step 826, and, if so, the method progresses to set router 104 on at step 812. On the other hand, if the answer is no, router 104 is set to off at step 828.

The foregoing system and method offers significant advantages over the prior art. By limiting the time that the network 102 is on, the time that mobile devices can “spy” on the end user is reduced to only when the user is on the mobile device. This is because the threat vector service area of the network is narrowed and the time that the end users can have their activities monitored by 3rd parties is limited. Accordingly, the window of ability for connected devices in the home to collect and report information, (i.e. spy), on the end user is narrowed to only the time that the end user requires network services. Also, the likelihood that connected devices in the home will be discovered and infected by worm/bot distributed viruses is also reduced.

Those skilled in the art will recognize that one or more components of the systems and methods for switch 100 can comprise any collection of processor-based devices or computing devices operating together, or components of processing systems or devices, as is known in the art. The processing system switch 100 can include, for example, at least one processor and at least one memory device or subsystem. The processing system can also include or be coupled to one or more databases for receiving and storing data. The term “processor” as generally used herein refers to any logic processing unit, such as one or more central processing units (CPUs), digital signal processors (DSPs), application-specific integrated circuits (ASIC), etc. The processor and memory can be monolithically integrated onto a single chip, distributed among a number of chips or components, and/or provided by some combination of algorithms. The methods described herein can be implemented in one or more of software algorithm(s), programs, firmware, hardware, components, circuitry, in any combination.

The components of any system that include the systems and methods herein described can be located together or in separate locations. Communication paths couple the components and include any medium for communicating or transferring files among the components. The communication paths include wireless connections, wired connections, and hybrid wireless/wired connections. The communication paths also include couplings or connections to networks including local area networks (LANs), metropolitan area networks (MANs), wide area networks (WANs), proprietary networks, interoffice or backend networks, and the Internet. Furthermore, the communication paths include removable fixed mediums like floppy disks, hard disk drives, and CD-ROM disks, as well as flash RAM, Universal Serial Bus (USB) connections, RS-232 connections, telephone lines, buses, and electronic mail messages.

Aspects of the systems and methods described herein may be implemented as functionality programmed into any of a variety of circuitry, including programmable logic devices (PLDs), such as field programmable gate arrays (FPGAs), programmable array logic (PAL) devices, electrically programmable logic and memory devices and standard cell-based devices, as well as application specific integrated circuits (ASICs). Some other possibilities for implementing aspects of the systems and methods of monitoring a subject in a premises and corresponding systems and methods include: microcontrollers with memory (such as electronically erasable programmable read only memory (EEPROM)), embedded microprocessors, firmware, software, etc. Furthermore, aspects of the systems and methods described herein may be embodied in microprocessors having software-based circuit emulation, discrete logic (sequential and combinatorial), custom devices, fuzzy (neural) logic, quantum devices, and hybrids of any of the above device types. Of course the underlying device technologies may be provided in a variety of component types, e.g., metal-oxide semiconductor field-effect transistor (MOSFET) technologies like complementary metal-oxide semiconductor (CMOS), bipolar technologies like emitter-coupled logic (ECL), polymer technologies (e.g., silicon-conjugated polymer and metal-conjugated polymer-metal structures), mixed analog and digital, etc.

It should be noted that any system, method, and/or other components disclosed herein may be described using computer aided design tools and expressed (or represented), as data and/or instructions embodied in various computer-readable media, in terms of their behavioral, register transfer, logic component, transistor, layout geometries, and/or other characteristics. Computer-readable media in which such formatted data and/or instructions may be embodied include, but are not limited to, non-volatile storage media in various forms (e.g., optical, magnetic or semiconductor storage media) and carrier waves that may be used to transfer such formatted data and/or instructions through wireless, optical, or wired signaling media or any combination thereof. Examples of transfers of such formatted data and/or instructions by carrier waves include, but are not limited to, transfers (uploads, downloads, e-mail, etc.) over the Internet and/or other computer networks via one or more data transfer protocols (e.g., HTTP, FTP, SMTP, etc.). When received within a computer system via one or more computer-readable media, such data and/or instruction-based expressions of the above described components may be processed by a processing entity (e.g., one or more processors) within the computer system in conjunction with execution of one or more other computer programs.

It should also be noted that mobile device 300 can be any of a number and/or combination of devices selected from among personal computers, personal digital assistants, portable computing devices, and portable communication devices, but is not so limited. The processing system can include components within a larger computer system.

Unless the context clearly requires otherwise, throughout the description and the claims, the words “comprise,” “comprising,” and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is to say, in a sense of “including, but not limited to.” Words using the singular or plural number also include the plural or singular number respectively. Additionally, the words “herein,” “hereunder,” “above,” “below,” and words of similar import, when used in this application, refer to this application as a whole and not to any particular portions of this application. When the word “or” is used in reference to a list of two or more items, that word covers all of the following interpretations of the word: any of the items in the list, all of the items in the list and any combination of the items in the list.

While the principles of the invention have been described herein, it is to be understood by those skilled in the art that this description is made only by way of example and not as a limitation as to the scope of the invention. Other embodiments are contemplated within the scope of the present invention in addition to the exemplary embodiments shown and described herein. Modifications and substitutions by one of ordinary skill in the art are considered to be within the scope of the present invention, which is not to be limited except by the following claims.

We claim:
1. A device for controlling a duration in which a home network device is on, the device comprising: an AC input port for receiving AC power; an AC output port adapted to receive an AC power cord of the home network device; a switch for controlling the AC power to the home network device and switching the home network device between an on state and an off state; and a processor in communication with the switch for controlling the on state and the off state of the home network device in response to one of three predetermined conditions.
2. The device of claim 1, wherein the three predetermined conditions comprise: a geofencing area in which a user of the home network device resides wherein when the user is in the geofencing area the home network device is in the on state; a scheduled time in which the home network device is in the on state; and an on demand in which the home network device is in the on state.
3. The device of claim 2, wherein the device is in communication with a mobile device that is associated with the user over a communication network for determining a geolocation of the user for determining whether the user is in the geofencing area.
4. The device of claim 3, wherein the device is adapted to receive an on demand signal from the mobile device to switch the home network device to the on state.
5. The device of claim 4, and further comprising memory for storing scheduled time instructions for the home network device in the on state.
6. The device of claim 5, wherein the switch for controlling the AC power to the home network device is in a normally off state.
7. The device of claim 6, and further comprising a geo-positioning sensor for determining a location of the device.
8. The device of claim 7, and further comprising a communication network card for connecting the device to a communication network.
9. The device of claim 8, wherein the communication network is a cellular network.
10. The device of claim 7, and further comprising a network interface card for connecting the device to the home network device.
11. The device of claim 1, wherein the device communicates to a user (i) whether the home network device is in the on state, (ii) whether the home network device is connected to an internet service provider network, and (iii) whether the device is connected to the home network device over a home network provided by the home network device.
12. A method for controlling a duration in which a home network device is on, the method comprising: receiving AC power from an AC input port; providing an AC output port for an AC power cord of a home network device; switching the home network device between an on state and an off state in response to one of three predetermined conditions.
13. The method of claim 12, wherein one of three predetermined conditions comprises of determining whether a geofence area has a preconfigured mobile device therein, and, if so, switching the home network device to an on state.
14. The method of claim 12, wherein one of three predetermined conditions comprises determining whether a schedule timer is on, and, if so, switching the home network device to an on state.
15. The method of claim 12, wherein one of three predetermined conditions comprises determining whether a button is set to on, and, if so, switching the home network device to an on state.
16. The method of claim 12, and further comprising providing a device for switching the home network device between the on state and the off state.
17. The method of claim 16, and further comprising communicating with the device to a mobile device that is associated with a user over a communication network for determining a geolocation of the user for determining whether the user is in a geofencing area; and wherein, receiving with the device an on demand signal from the mobile device to switch the home network device to the on state; and wherein, storing scheduled time instructions for the home network device in the on state.
18. The method of claim 16, and further comprising determining a location of the device with a geo-positioning sensor and connecting the device to a communication network.
19. The method of claim 16, and further comprising communicating to a user (i) whether the home network device is in the on state, (ii) whether the home network device is connected to an internet service provider network, and (iii) whether the device is connected to the home network device over a home network provided by the home network device.